Cybersecurity Awareness and Training Policy
General Terms:
· King Saud University must develop and approve an annual cybersecurity awareness program, delivered through multiple channels, aimed at:
- Enhancing awareness of cybersecurity, its threats, and risks.
- Building a positive culture that supports cybersecurity.
· The approved awareness program must be applied to all employees and included in the new employee orientation program.
· The cybersecurity awareness program must cover how to protect King Saud University from the most significant cybersecurity risks and threats, including emerging ones, such as:
- King Saud University's policy for protecting information technology systems and data, particularly sensitive data.
- The concept of segregation of duties and the principle of least privilege.
- Preventing and detecting information security incidents, including malware attacks.
- Safely handling email, especially phishing messages.
- Secure handling of mobile devices and storage media.
- Safe browsing practices on the internet.
- Secure handling of social media.
- Access controls, including creating, changing, and maintaining the confidentiality of passwords.
- King Saud University’s remote access policy.
- King Saud University’s acceptable use policy.
· Employees in roles directly related to cybersecurity at King Saud University must be provided with specialized training and the necessary skills, classified according to their job responsibilities. This includes:
- Employees working in the department responsible for cybersecurity.
- Employees working in software and application development and managing the university's information technology assets.
- Supervisory and executive-level employees.